From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id D5C592141A for ; Sun, 27 Jan 2019 11:48:17 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 2/4] t/hl_mod: extra check to ensure we escape HTML Date: Sun, 27 Jan 2019 11:48:15 +0000 Message-Id: <20190127114817.14486-3-e@80x24.org> In-Reply-To: <20190127114817.14486-1-e@80x24.org> References: <20190127114817.14486-1-e@80x24.org> List-Id: Otherwise, it's open season on our users :< --- t/hl_mod.t | 1 + 1 file changed, 1 insertion(+) diff --git a/t/hl_mod.t b/t/hl_mod.t index b8b8eb9..62cc624 100644 --- a/t/hl_mod.t +++ b/t/hl_mod.t @@ -20,6 +20,7 @@ my $orig = $str; my $ref = $hls->do_hl(\$str, 'foo.perl'); is(ref($ref), 'SCALAR', 'got a scalar reference back'); like($$ref, qr/I can see you!/, 'we can see ourselves in output'); + like($$ref, qr/&&/, 'escaped'); use PublicInbox::Spawn qw(which); if (eval { require IPC::Run } && which('w3m')) { -- EW